Forgejo, init with admin account and server config

Automatically creates an admin account with sops data. Not my favorite
process because user needs to know to change the sops password to be
owned by forgejo, otherwise good though.

Has a bunch of useful config settings for setting up a server easily.
Commit with that to follow.

Point of worry: SSH_PORT setting isn't set, and will probably need to be
set later to allow people to commit and similar to the repos.

nixosModules/services/forgejo/service.nix

@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+{
+  options.forgejo = {
+    enable = lib.mkEnableOption "";
+    server = {
+      port = lib.mkOption { default = 4848; };
+      domain = lib.mkOption { type = lib.types.str; };
+    };
+    users = {
+      admin = {
+        enable = lib.mkEnableOption "creates an admin account";
+        username = lib.mkOption { type = lib.types.str; };
+        passwordFile = lib.mkOption {};
+      };
+    };
+  };
+
+  config = lib.mkIf config.forgejo.enable {
+    services.forgejo = {
+      enable = true;
+      settings = {
+        server = {
+          DOMAIN = config.forgejo.server.domain; #"winry.woach.me";
+          HTTP_PORT = config.forgejo.server.port;
+          ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
+        };
+        # SSH_PORT = config.sshd.port;
+        session.COOKIE_SECURE = true;
+        service.DISABLE_REGISTRATION = true;
+      };
+    };
+
+    systemd.services.forgejo.preStart = lib.mkIf config.forgejo.users.admin.enable (let
+      adminCmd = "${lib.getExe config.services.forgejo.package}";
+    in ''
+      ${adminCmd} admin user create --admin --email "root@localhost" --username ${config.forgejo.users.admin.username} --password "$(tr -d '\n' < ${config.forgejo.users.admin.passwordFile})" || true
+    '');
+  };
+}